EBS: Everbridge Updates to Ciphers & Hashes Used for File Encryption

Topic:

Everbridge has made updates to Ciphers & Hashes for File Encryptions.

Description:

What updates were made to File Encryption values? 

The new Encryption values support:

  • Cipher: 3DES, AES128, AES192, AES256
  • Hash: SHA224, SHA256, SHA384, SHA512

These Encryption values have been removed due to security reasons:

  • Cipher: IDEA, CAST5, BLOWFISH, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
  • Hash: SHA1, RIPEMD160

Why did Everbridge make these changes? 

Everbridge increased the level of security to meet the very stringent Federal Information Processing Standards (FIPS). This effort entailed removing support for some security ciphers/hashes on the Everbridge servers. For compliance-specific related questions reference this document:  "Approved Security Functions for FIPS PUB 140-2, Security Requirements for Cryptographic Modules" - https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf

When did Everbridge make these changes for File Encryption values to drop support for unsupported Ciphers/Hashes? 

09 March 2021 from 5:00pm Pacific US to 10:00pm Pacific US.

How can this impact me if I'm still using an unsupported Cipher/Hash?

As a result of this security change, you will not be able to successfully upload your files until you upgrade or change the ciphers/hashes you have currently set to ones that are supported by Everbridge. 

What are my action items to prepare for these changes? 

If you use the Encryption tools to encrypt files, install the latest version from https://www.gpg4win.de/index.html.

When you use the gpg command to encrypt files with the older gpg version, if the encrypted file has no mdc integrity protection, the upload fails. Use the "--force-mdc" option in the command; for example:
"gpg --force-mdc --cipher-algo AES256 -o filename.gpg -c filename"

NOTE: Refer to https://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=MDC&submit=Search&idxname=info-gnu regarding mdc mode in gpg version 2.2.x.

For security, use the "--cipher-algo" option to specify security algorithm (AES, AES256); for example:

"gpg --force-mdc --cipher-algo AES256 -o filename.gpg -c filename"

Navigate to Account > Settings > Security > Secure FTP to generate new encryption keys. This ensures you are using the latest version to encrypt your files.
Secure FTP - New Encryption Keys
 

Was this article helpful?
0 out of 0 found this helpful

Article Feedback


While we can’t respond to you directly, we’d love to know how we can improve the article.

Please sign in to leave a comment.